mbedtls: avoid using a large buffer on the stack

Use dynamic memory allocation for the buffer used in checking "pinned
public key". The PUB_DER_MAX_BYTES parameter with default settings

mbedtls: avoid using a large buffer on the stack

Use dynamic memory allocation for the buffer used in checking "pinned
public key". The PUB_DER_MAX_BYTES parameter with default settings is
set to a value greater than 2kB.

Co-authored-by: Daniel Stenberg
Closes #7586

show more ...

configure: make --disable-hsts work

The AC_ARG_ENABLE() macro itself uses a variable called
'enable_[option]', so when our script also used a variable with that
name for the purpose

configure: make --disable-hsts work

The AC_ARG_ENABLE() macro itself uses a variable called
'enable_[option]', so when our script also used a variable with that
name for the purpose of storing what the user wants, it also
accidentally made it impossible to switch off the feature with
--disable-hsts. Fix this by renaming our variable.

Reported-by: Michał Antoniak
Fixes #7669
Closes #7672

show more ...

config.d: note that curlrc is used even when --config

Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751
Reported-by: Viktor Szakats

Closes https://github.com/cu

config.d: note that curlrc is used even when --config

Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751
Reported-by: Viktor Szakats

Closes https://github.com/curl/curl/pull/7667

show more ...

RELEASE-NOTES: synced

test1173: check references to libcurl options

... that they refer to actual existing libcurl options.

Reviewed-by: Daniel Gustafsson
Closes #7656

CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also

Closes #7656

opt-docs: verify man page sections + order

In every libcurl option man page there are now 8 mandatory sections that
must use the right name in the correct order and test 1173 verifies

opt-docs: verify man page sections + order

In every libcurl option man page there are now 8 mandatory sections that
must use the right name in the correct order and test 1173 verifies
this. Only 14 man pages needed adjustments.

The sections and the order is as follows:

- NAME
- SYNOPSIS
- DESCRIPTION
- PROTOCOLS
- EXAMPLE
- AVAILABILITY
- RETURN VALUE
- SEE ALSO

Reviewed-by: Daniel Gustafsson
Closes #7656

show more ...

opt-docs: make sure all man pages have examples

Extended manpage-syntax.pl (run by test 1173) to check that every man
page for a libcurl option has an EXAMPLE section that is more than t

opt-docs: make sure all man pages have examples

Extended manpage-syntax.pl (run by test 1173) to check that every man
page for a libcurl option has an EXAMPLE section that is more than two
lines. Then fixed all errors it found and added examples.

Reviewed-by: Daniel Gustafsson
Closes #7656

show more ...

get.d: provide more useful examples

Closes #7668

page-header: add GOPHERS, simplify wording in the 1st para

Closes #7665

connect: get local port + ip also when reusing connections

Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage
(connection + easy handle), so this info needs be extract

connect: get local port + ip also when reusing connections

Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage
(connection + easy handle), so this info needs be extracted again even
for re-used connections.

Add test 435 to verify

Reported-by: Max Dymond
Fixes #7660
Closes #7662

show more ...

multi: fix compiler warning with `CURL_DISABLE_WAKEUP`

`use_wakeup` is unused in this case.

Closes https://github.com/curl/curl/pull/7661

tests: adjust the tftpd output to work with hyper mode

By making them look less like http headers, the hyper mode "tweak"
doesn't interfere.

Enable test 2002 and 2003 in hyper b

tests: adjust the tftpd output to work with hyper mode

By making them look less like http headers, the hyper mode "tweak"
doesn't interfere.

Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated
but should be enabled).

Closes #7658

show more ...

openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA

This adds support for the previously unhandled supplemental data which
in -v output was printed like:

TLSv1.2 (IN), TLS header, U

openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA

This adds support for the previously unhandled supplemental data which
in -v output was printed like:

TLSv1.2 (IN), TLS header, Unknown (23):

These will now be printed with proper annotation:

TLSv1.2 (OUT), TLS header, Supplemental data (23):

Closes #7652
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

curl.1: provide examples for each option

The file format for each option now features a "Example:" header that
can provide one or more examples that get rendered appropriately in the

curl.1: provide examples for each option

The file format for each option now features a "Example:" header that
can provide one or more examples that get rendered appropriately in the
output. All options MUST have at least one example or gen.pl complains
at build-time.

This fix also does a few other minor format and consistency cleanups.

Closes #7654

show more ...

progress: make trspeed avoid floats

and compiler warnings for data conversions.

Reported-by: Michał Antoniak
Fixes #7645
Closes #7653

test365: verify response with chunked AND Content-Length headers

http: ignore content-length if any transfer-encoding is used

Fixes #7643
Closes #7649

RELEASE-NOTES: synced

Revert "http2: skip immediate parsing of payload following protocol switch"

This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb.

Reported-by: Tk Xiong
Fixes #7633
C

Revert "http2: skip immediate parsing of payload following protocol switch"

This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb.

Reported-by: Tk Xiong
Fixes #7633
Closes #7648

show more ...

KNOWN_BUGS: HTTP/3 doesn't support client certs

Closes #7625

mailing lists: move from cool.haxx.se to lists.haxx.se

http_proxy: only wait for writable socket while sending request

Otherwise it would wait socket writability even after the entire CONNECT
request has sent and make curl basically busy-loo

http_proxy: only wait for writable socket while sending request

Otherwise it would wait socket writability even after the entire CONNECT
request has sent and make curl basically busy-loop while waiting for a
response to come back.

The previous fix attempt in #7484 (c27a70a591a4) was inadequate.

Reported-by: zloi-user on github
Reported-by: Oleguer Llopart
Fixes #7589
Closes #7647

show more ...

http: disallow >3-digit response codes

Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.

Updated

http: disallow >3-digit response codes

Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.

Updated test 1432 accordingly.
Enabled test 1432 in the hyper builds.

Closes #7641

show more ...

ngtcp2: stop buffering crypto data

Stop buffering crypto data because libngtcp2 now buffers submitted
crypto data.

Closes #7637